Re: ACL on Nexus 9k

ilhan05 · ‎10-26-2020

Hello,

When I try to apply an ACL to a Layer2 port, I am having this message. Does anyone know how to do it on nxos?

SPOR-MPLS(config-if)# show run interface ethernet 1/7

interface Ethernet1/7
switchport mode trunk
switchport trunk allowed vlan 818

SPOR-MPLS(config-if)# ip access-group multicast in
This access-list configuration is not allowed when the port is a switchport or a port-channel member

balaji.bandi · ‎10-27-2020

it is a L2 interface and you are attempting to assign a L3 ACL on a L2 interface, it required to apply in L3 interface where it located.

here is reference :

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/security/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide_chapter_01010.html#con_1...

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ilhan05 · ‎10-27-2020

Hello again,

Since I could do it on ios (and it worked), I wonder if it was possible on nxos too.

Is this the difference between ios and nxos?

SE#show ip access-lists 107
Extended IP access list 107
10 permit ip any any
SE#show run interface fastEthernet 0/7
Building configuration...

Current configuration : 109 bytes
!
interface FastEthernet0/7
switchport access vlan 404
switchport mode access
ip access-group 107 in
end

ngkin2010 · ‎10-27-2020

Hi,

It's supported on IOS, but not supported on NX-OS.

You need Port ACL instead:

interface FastEthernet0/7
  ip port access-group 107 in

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/security/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide_chapter_01010.html#task_...